A massive leak appeared on the web today, and it's got some huge security implications for every iPhone on the market. On the plus side, it also has some potential for enabling deep-level modifications and jailbreak tweaks.
GitHub user ZioShiba posted the iBoot source code for iOS 9.3 in all its glory (it has since been taken down due to a DMCA request from Apple). Though there's no word yet on exactly where this code came from or how ZioShiba got it, we've had a look at it and it's definitely the real deal. It's possible that it has been floating around the web for at least 4 months already.
iBoot is a part of iOS that enables the secure boot chain — in other words, it's a low-level piece of software that verifies each part of your iPhone's operating system before it loads, every time you turn on your phone. If you're familiar with Android, it's very similar to Fastboot. Or if you're a Windows pro, you can liken it to BIOS.
With the source code now floating out there in the ether, it's not unreasonable to expect that someone could do some reverse engineering to find loopholes and workarounds — ways to bypass iOS' secure boot chain. Though it's the iOS 9.3 version of iBoot, it's not a stretch to imagine that some of these loopholes or workarounds could apply to even the latest version of iOS.
Such a hack could be used maliciously as a way to bypass Apple's security measures, potentially including your lock screen and disk encryption. The next time the FBI wants to get into someone's iPhone, they could feasibly use this code to find their way in. Thieves and hackers, too — the security ramifications here are huge.
But there's a silver lining if you're into customization and jailbreak tweaks. If the right people get their hands on this code and work their magic, it's possible that such a hack could be used for good. If users could bypass Apple's secure boot chain, they could load up custom operating system files instead of iOS — much like Android's Fastboot mode lets users install custom ROMs.
Another upside is that this could actually lead to improved security on iPhones. Apple offers up to $200,000 for finding critical bugs in iBoot. This bug bounty program should incentivize programmers to dig through the leaked iBoot source with a fine-toothed comb. In the long run, we could see several patches applied to future versions of iBoot to make iPhones more secure than ever.
Apple indirectly confirmed the code was real by issuing a DMCA request to GitHub to take down the offending links that contained confidential and proprietary data, though clones of the code have already spread — it's the internet, after all.
Later, Apple issued an official statement on the matter to CNET, downplaying security risks:
Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.
In other words, updates to iBoot since iOS 9.3 have added software security mechanisms that aren't included in this leak, meaning there's less risk if you're running the latest version of iOS. As for the hardware protections Apple mentions, much of that pertains to Apple's Secure Enclave system, which uses hard-coded root of trust keys to ensure that the software being loaded by iBoot isn't modified or compromised. Secure Enclave is a feature included in all iOS devices using at least an A7 SoC — so iPhone 5s, iPad mini 2, or newer devices.
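To make the chain-of-trust idea from the two paragraphs above concrete, here is an added illustrative model written for this article; it is not Apple's iBoot code and is not taken from the leak. Each boot stage image carries the SHA-256 digest it expects of the next stage, and the very first digest is pinned in immutable "ROM", standing in for the hard-coded root-of-trust keys mentioned above. The stage names (LLB, iBoot, kernel) and the byte strings are constructed sample data. Real iBoot checks signatures under Apple's keys rather than pinning raw digests, so stages can be updated without touching the ROM, but the principle is the same: a modified stage is refused before it runs, and that refusal holds even when the verifier's source code is public.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of a multi-stage secure boot chain (added example, not Apple's code).
# Every stage image binds together its own payload and the digest of the stage that
# follows it. The first digest is pinned in ROM, so nothing a later stage does can
# change what the chain trusts.


@dataclass(frozen=True)
class StageImage:
    name: str                      # constructed label, e.g. "LLB", "iBoot", "kernel"
    payload: bytes                 # the code this stage would execute
    next_digest: Optional[bytes]   # SHA-256 of the following stage, None for the last stage

    def encode(self) -> bytes:
        # Canonical byte form that gets hashed. Both fields are covered, so a tampered
        # next_digest is caught just like a tampered payload.
        return self.name.encode() + b"\x00" + self.payload + b"\x00" + (self.next_digest or b"")


def digest(image: StageImage) -> bytes:
    return hashlib.sha256(image.encode()).digest()


class BootHalted(Exception):
    """Raised when a stage fails verification; the device does not continue."""


def boot(rom_pinned_digest: bytes, chain: List[StageImage]) -> List[str]:
    """Verify each stage against the digest trusted by the stage before it.
    Returns the names of the stages that were allowed to run, in order."""
    expected: Optional[bytes] = rom_pinned_digest
    booted: List[str] = []
    for stage in chain:
        if expected is None:
            raise BootHalted(f"{stage.name}: previous stage declared end of chain")
        actual = digest(stage)
        # Constant-time comparison; a mismatch halts the boot before the stage runs.
        if not hmac.compare_digest(actual, expected):
            raise BootHalted(f"{stage.name}: digest mismatch, refusing to load")
        booted.append(stage.name)
        expected = stage.next_digest
    return booted


def build_chain(payloads: List[Tuple[str, bytes]]) -> Tuple[bytes, List[StageImage]]:
    """Build images back to front so each one can embed its successor's digest.
    Returns (digest to pin in ROM, ordered chain)."""
    chain: List[StageImage] = []
    next_digest: Optional[bytes] = None
    for name, payload in reversed(payloads):
        image = StageImage(name, payload, next_digest)
        chain.insert(0, image)
        next_digest = digest(image)
    assert next_digest is not None, "chain must contain at least one stage"
    return next_digest, chain


# Constructed sample chain, in boot order.
SAMPLE_STAGES = [
    ("LLB", b"stage 1 code"),
    ("iBoot", b"stage 2 code"),
    ("kernel", b"stage 3 code"),
]


def demo_good() -> List[str]:
    """Untouched chain: every stage verifies and runs."""
    rom, chain = build_chain(SAMPLE_STAGES)
    return boot(rom, chain)


def demo_tampered(stage_index: int) -> str:
    """Modify one stage's payload after the chain was built and report the outcome.
    The previous stage (or ROM, for index 0) still holds the original digest."""
    rom, chain = build_chain(SAMPLE_STAGES)
    victim = chain[stage_index]
    chain[stage_index] = StageImage(victim.name, victim.payload + b" patched", victim.next_digest)
    try:
        boot(rom, chain)
    except BootHalted as halt:
        return str(halt)
    return "booted"


if __name__ == "__main__":
    print("clean boot ran:", demo_good())
    print("tampered first stage:", demo_tampered(0))
    print("tampered last stage:", demo_tampered(2))
```

Tampering with the first stage is caught by the ROM-pinned digest; tampering with the last stage is caught by the digest that iBoot embedded for it, and in both cases the boot halts before the modified code runs. Nothing in `boot()` is secret, which is the point Apple's statement makes: a reader of the verifier's source still cannot produce a different stage that hashes to the pinned value.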
This story is still developing, so check back here for updates. We've reached out to ZioShiba for comment, but haven't heard back yet. One way or another, this is definitely exciting news, so we'll stay on top of it as the story unfolds.